As featured in The Wall Street Journal, Money Magazine, and more!

Credit Card Suspended for Merchant Database Breach

This article was written by in Credit. 14 comments.

I mentioned last week that my Citibank credit card was suspended and the issuer supplied me with a new credit card number. At the time, I assumed that this was due to my recent traveling, which might have raised red flags in Citibank’s fraud detection algorithms. A number of visitors suggested calling your credit card in advance of any travel to warn that charges from another area should be considered legitimate.

That is excellent advice, and I should remember to do that in the future. However, it wouldn’t have helped in this case. I was able to get a little more information out of Citibank. It seems that a merchant experienced a security breach jeopardizing the privacy of a customer database. They wouldn’t say which merchant was affected, but they solved the problem by issuing new card numbers to all members.

After I received and activiated my new card, I was able to view my transactions online. I was happy to see that my credit card number had not been used by anyone other than myself. I’ve only started the process of contacting utilities and other services which automatically bill my credit card each month. So far, the process of updating my account has been smooth thanks to the ability to perform most of this maintenance via the web.

Updated May 26, 2009 and originally published May 12, 2008. If you enjoyed this article, subscribe to the RSS feed or receive daily emails. Follow @ConsumerismComm on Twitter and visit our Facebook page for more updates.

Email Email Print Print
About the author

Luke Landes is the founder of Consumerism Commentary. He has been blogging and writing for the internet since 1995 and has been building online communities since 1991. Find out more about Luke Landes and follow him on Twitter. View all articles by .

{ 7 comments… read them below or add one }

avatar dogatemyfinances

I would be livid.

Some states have better identity theft laws than others. You might be able to get out of them what company it was.

Reply to this comment

avatar KC

Credit Card companies are always hush-hush about any sort of fraud. I had a mom and pop business that I buy from have their internet security breached. My card # was stolen and about $2k was charged. Mastercard called and handled everything – no charges to me, new card issued. I tried to find out what happened, but they just played it off.

Well a few days later the owner of the business called me to apologize – he said it was his business that had been breached, he was having it fixed, he’d even handle my business offline if that’s what it took, and he offered me a gift certificate – this guy has a customer for life cause of this! But the interesting thing is he said he was taking a lot of heat from Visa and MC cause he was notifying his customers he was the weak link!! They were threatening to sue him!! Well I kept my business with him, but I do it by check and money order now. This incident has really made me careful of credit cards. Those guys at Visa and MC are such devils. I use my cards as little as possible and I pay them off so they get no finance charges from me.

Reply to this comment

avatar Winter

Financial institutions are trying to get the right to disclose the merchant, but there can be a couple reasons they don’t have the info:

1. credit card company notices a pattern of fraud on a batch of cards, but hasn’t tracked it back to a single source yet
2. credit card company would rather not tick off the merchant by dragging them through the mud
3. Law enforcement may request the information not be disclosed because of an investigation.

Financial institutions, like the credit union I belong to and work for with a trade association, would love to disclose the info because we don’t want our own members to think WE are the problem!

Reply to this comment

avatar Anca

I’m traveling next week and notified my bank and CC (both under the Citibank umbrella). Hopefully I will be able to use my cards if necessary. But I am a little annoyed that they don’t provide an easy way to notify them, such as a link saying “Tell us you’ll be using your card in an unexpected locale”. I had to e-mail customer service to ask how to notify them and they just said to reply back with the dates and places.

Reply to this comment

avatar fathersez

I always inform the credit card issuer whenever I travel.

Even so sometimes, the card is declined at some foreign places and the merchant just says it’s not their fault.

So far, I have been lucky in the sense of having backup plans when my card got declined.

Reply to this comment

avatar Jane

For travel and for “fraud” that leads to them changing my cards # etc. I now have a “throw down card,” both Debit and Credit.” That I keep around just in case. In the case of my Debit card it is from a different bank and I keep just enough money there to cover the minimum so I don’t pay a monthly fee and/or what I need for a trip somewhere. (I expect to travel to west Africa at least once a year for the next few years and will travel with that card in case I did not bring enough cash with me.) That way the card is not linked to my primary bank.

Reply to this comment

avatar ib

hi there, flexo… i don’t know if you have hannaford supermarkets where you live (or travel to) but they had a MAJOR security breach which made news a few months ago. my citicard was replaced too & i suspect it was as a result of this (also considering they already had sent me a new card &# not that long before the incident came to light). who knows, though? i am sure there are other businesses which are too relaxed (technology-wise) with our info whether it made the news at a later date or not.

in my humble experiences, i have found that internet use is definitely more safe for card use (as we are told) than in person (and i use cards on the net a lot; always on sites i know are authentic). my boyfriend uses the web less and has had MANY cards replaced and many fraudulent things appear on his bills, though all have been handled satisfactorily. he still won’t go back to one restaurant i pointed out might have been the source of one of the breaches for him (cash advances to his credit card a few states away!). i digress……

Reply to this comment

Leave a Comment

Note: Use your name or a unique handle, not the name of a website or business. No deep links or business URLs are allowed. Spam, including promotional linking to a company website, will be deleted. By submitting your comment you are agreeing to these terms and conditions.

Notify me of followup comments via e-mail. You can also subscribe without commenting.